Description

The behavior of a Directory Server instance is configured according
to server properties documented here and in the documentation specified under
the SEE ALSO section.

PROPERTY: check-schema-enabled

Syntax

on | off

Default Value

on

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies whether the server checks that entries being
updated still conform to the server schema.

PROPERTY: check-syntax-enabled

Syntax

on | off

Default Value

off

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies whether the server checks that attribute values
being updated have valid syntax. The server logs an error message when encountering
an invalid value and prevents the update. When this property is set to on, the server checks updates to attribute values defined as Boolean,
DN, Directory String, Generalized Time, IA5 String, INTEGER, or Telephone
Number syntax. This behavior holds both for offline import and for normal
write operations.

Syntax is not checked on existing entries in the database. To clean
up existing data, dump the database to LDIF, turn syntax checking on, and
reload the database. Data that violates the syntax is visible in the errors
log, and can be corrected and reloaded. You can also repair existing bad data
by deleting or replacing the bad value using an LDAP client. If syntax checking
is on, when a database is reloaded from LDIF, invalid syntax values are skipped
and recorded in the errors log. Valid syntax values are reloaded.

PROPERTY: config-magic-number

Syntax

STRING

Default Value

D-A00

Is readable

Yes

Is modifiable

No

Is multi-valued

No

This property specifies a value used by the Directory Server administration
framework and tools to determine the capabilities of a server instance.

PROPERTY: db-batched-transaction-count

Syntax

INTEGER

Default Value

0

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies how many server transactions are gathered into
a batch before being written to the transaction log. If writes to the transaction
log are a bottleneck, you may potentially improve performance by increasing
this value. Valid range is 0-30, 0 meaning that batching is turned off.

PROPERTY: db-cache-size

Syntax

MEMORY_SIZE

Default Value

32M

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the amount of physical memory Directory Server
requests from the operating system to cache indexes for all suffixes supported
by the server instance. See Directory Server Data Caching in Directory Server Enterprise Edition Reference for suggestions on sizing cache.

PROPERTY: db-checkpoint-interval

Syntax

DURATION

Default Value

60s

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the interval between checkpoints recorded in
the database transaction log.

PROPERTY: db-env-path

Syntax

PATH

Default Value

instance-path/db

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies a valid directory, unique to the server instance,
on a tmpfs file system used to limit the time spent flushing
pages for a server instance handling a high write load. There must be enough
space available on the tmpfs file system to house at least
the actual size of the database cache.

When changing this property, you must stop the server, delete the existing
database, and reimport all suffixes from LDIF, before restarting the server.

PROPERTY: db-lock-count

Syntax

INTEGER

Default Value

20000

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the number of locks available to the server
instance database. Increase this value if you observe the following message
in the errors log:

libdb: Lock table is out of available locks

PROPERTY: db-log-buf-size

Syntax

MEMORY_SIZE

Default Value

512k

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the transaction log buffer size. Valid range
is 0 to the size of the transaction log, which is 10M by default.

After changing this property, you must restart the server in order to
take the change into account.

PROPERTY: db-log-path

Syntax

PATH

Default Value

instance-path/db

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the file system directory containing the database
transaction log.

When changing this property, you must stop the server, delete the existing
database, and reimport all suffixes from LDIF, before restarting the server.

PROPERTY: def-repl-manager-pwd

Syntax

STRING

Default Value

See the description that follows.

Is readable

Yes

Is modifiable

No

Is multi-valued

No

This property lets you read the password used for replication binds
performed using simple authentication. Either you specify the password before
setting up replication by setting def-repl-manager-pwd-file to
specify the file containing the password you want to use, or you accept the
password value generated by the dsconf accord-replication subcommand.

PROPERTY: def-repl-manager-pwd-file

Syntax

PATH | ""

Default Value

""

Is readable

No

Is modifiable

Yes

Is multi-valued

No

This property specifies the file from which the default replication
password is read and stored for future use when setting up replication.

PROPERTY: dn-cache-count

Syntax

INTEGER | unlimited | disabled

Default Value

unlimited

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the size of the DN cache in terms of number
of entries. The value of dn-cache-count is unlimited by
default. The value of dn-cache-count can be an integer,
unlimited, or disabled, and each of these has the following effect on dn-cache-size.

unlimited — cache is limited to the
cache size specified for dn-cache-size.

disabled — caching is disabled and dn-cache-size is ignored.

INTEGER — cache is limited to the
number of DNs specified by the value that you provide and dn-cache-size is
ignored. The value must be 1 or greater.

Changing this property requires you to restart the server.

PROPERTY: dn-cache-size

Syntax

MEMORY_SIZE

Default Value

10M

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the size of the DN cache in terms of memory
space. This property is set by default. The cache size must be larger than 1M. The DN cache size specified for this property is taken into
account only when dn-cache-count is set to unlimited.

Changing this property requires you to restart the server.

PROPERTY: dsml-answer-size

Syntax

MEMORY_SIZE

Default Value

64k

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the maximum size of a server response to a DSML
request. Larger responses are chunked.

PROPERTY: dsml-buffer-size

Syntax

MEMORY_SIZE

Default Value

8k

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the size of the buffer used to store DSML requests.
If the server receives many DSML requests larger than this limit, increase
the buffer size.

PROPERTY: dsml-client-auth-mode

Syntax

clientCertOnly | httpBasicOnly | clientCertFirst

Default Value

httpBasicOnly

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies how the server identifies a client application.
The following settings are supported.

clientCertOnly

Use credentials from the client certificate to identify the
client.

httpBasicOnly

Use credentials from the HTTP authorization header to identify
the client.

clientCertFirst

Attempt to use the client certificate credentials to identify
the client. If there are no client certificate credentials, credentials from
the HTTP authorization header are used.

PROPERTY: dsml-enabled

Syntax

on | off

Default Value

off

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies whether the server accepts DSML requests.

PROPERTY: dsml-max-parser-count

Syntax

INTEGER

Default Value

5

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the maximum number of DSML parsers allocated
to handle client requests. Increase the value of this property if the server
must handle sustained, high numbers of DSML client requests.

PROPERTY: dsml-min-parser-count

Syntax

INTEGER

Default Value

10

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the minimum number of DSML parsers allocated
to handle client requests. Increase the value of this property if the server
must handle sustained, high numbers of DSML client requests.

PROPERTY: dsml-port

Syntax

INTEGER | disabled

Default Value

disabled

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the port number on which the server listens
for DSML requests. Changing the value requires that you restart the server.

PROPERTY: dsml-relative-root-url

Syntax

STRING

Default Value

/dsml

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the root URL HTTP clients should specify in
their POST requests.

PROPERTY: dsml-request-max-size

Syntax

MEMORY_SIZE

Default Value

32k

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the maximum size for DSML client requests.

PROPERTY: dsml-secure-port

Syntax

INTEGER | disabled

Default Value

disabled

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the port number on which the server listens
for DSML requests over HTTPS. Changing the value requires that you restart
the server.

PROPERTY: file-descriptor-count

Syntax

INTEGER

Default Value

1024

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the maximum number of file descriptors the server
instance attempts to use to handle client requests. Increase this value if
you observe the following message in the errors log:

Not listening for new connections -- too many fds open

PROPERTY: heap-high-threshold-size

Syntax

MEMORY_SIZE | undefined

Default Value

undefined

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies a threshold value for the dynamic memory footprint.
When the threshold memory is reached, Directory Server attempts to free
memory from the entry caches, and to limit memory use.

When heap-low-threshold-size is
reached, Directory Server attempts to free memory concurrently with other
operations.

When heap-high-threshold-size is reached, Directory Server
prevents operations on the cache while memory is freed.

heap-high-threshold-size and heap-low-threshold-size must be configured in conjunction with each other, as follows.

If heap-high-threshold-size is set to undefined or is not set, heap-low-threshold-size is
ignored.

If heap-high-threshold-size is set, its
value must be at least one gigabyte.

If heap-high-threshold-size is set, the
value of heap-low-threshold-size must be less than that
of heap-high-threshold-size. If not, heap-low-threshold-size is automatically set by default to 7/8 of the value of heap-high-threshold-size.

If heap-high-threshold-size is set to a
value other than undefined, heap-low-threshold-size is
automatically set by default to 7/8 of the value of heap-high-threshold-size.

If heap-high-threshold-size and heap-low-threshold-size are both set to a value other than undefined, heap-low-threshold-size must be greater than or equal to (heap-high-threshold-size
+ minheap)/2, where minheap is the amount of
heap memory used by the server at startup. If this condition is not met, heap-low-threshold-size is automatically set by default to 7/8 of
the value of heap-high-threshold-size.

The number of times the memory thresholds have been exceeded can be
monitored by using the heapmaxhighhits and heapmaxlowhits attributes on cn=monitor.
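The threshold rules above, resolved in one function (an added example, not product code). It assumes sizes are given in bytes, that one gigabyte means 2**30 bytes, and that the 7/8 default applies whenever the low threshold is undefined or fails a check; the function name is hypothetical.

```python
GIB = 1024 ** 3  # assumption: "one gigabyte" taken as 2**30 bytes


def effective_heap_low(high, low, minheap):
    """Resolve the low threshold that results from the documented rules.

    high, low: configured sizes in bytes, or None for "undefined".
    minheap:   heap memory used by the server at startup, in bytes.
    Returns (effective_low_or_None, reason).
    """
    if high is None:
        # Without a high threshold the low threshold is ignored entirely.
        return None, "heap-high-threshold-size undefined: low threshold ignored"
    if high < GIB:
        raise ValueError("heap-high-threshold-size must be at least one gigabyte")

    fallback = high * 7 // 8  # the documented automatic value
    if low is None:
        return fallback, "low threshold undefined: defaulted to 7/8 of high"
    if low >= high:
        return fallback, "low not less than high: reset to 7/8 of high"
    # low >= (high + minheap) / 2, written without division to stay in integers.
    if 2 * low < high + minheap:
        return fallback, "low below (high + minheap)/2: reset to 7/8 of high"
    return low, "configured low threshold accepted"


if __name__ == "__main__":
    # Constructed values: 8 GiB high threshold, 1 GiB used at startup.
    for low in (None, 4 * GIB, 6 * GIB, 8 * GIB):
        print(low, effective_heap_low(8 * GIB, low, GIB))
```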

PROPERTY: heap-low-threshold-size

Syntax

MEMORY_SIZE | undefined

Default Value

undefined

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

See the description for heap-high-threshold-size.

PROPERTY: host-access-dir-path

Syntax

PATH | ""

Default Value

""

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the local directory path on the server host
where hosts.allow and hosts.deny files
are located. If this property is not set, or if the files are not found, Directory Server
does not enable the additional connection-based access controls provided by
these files.

PROPERTY: idle-timeout

Syntax

INTEGER | none

Default Value

none

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies how many seconds the server waits for traffic
on an idle LDAP client connection before closing the connection.

PROPERTY: import-cache-size

Syntax

MEMORY_SIZE

Default Value

64M

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the amount of physical memory Directory Server
requests from the operating system to cache data used when initializing a
suffix from LDIF. See Directory Server Data Caching in Directory Server Enterprise Edition Reference for suggestions on sizing cache.

PROPERTY: instance-path

Syntax

PATH

Default Value

Path set at server creation

Is readable

Yes

Is modifiable

No

Is multi-valued

No

This property specifies the file system directory under which the server
instance was created using the dsadm create command.

PROPERTY: ldap-port

Syntax

INTEGER | disabled

Default Value

389 | 1389

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the port on which the server listens for LDAP
client requests. The default port is 389 when the instance is created by the
system super user, 1389 otherwise. Changing this property requires that you
restart the server.

If you set both ldap-port and ldap-secure-port to disabled, you can no longer use dsconf to configure
the server.

PROPERTY: ldap-secure-port

Syntax

INTEGER | disabled

Default Value

636 | 1636

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the port on which the server listens for LDAPS
client requests using TLS or SSL. The default port is 636 when the instance
is created by the system super user, 1636 otherwise. Changing this property
requires that you restart the server.

If you set both ldap-port and ldap-secure-port to disabled, you can no longer use dsconf to configure
the server.

PROPERTY: listen-address

Syntax

STRING

Default Value

0.0.0.0

Is readable

Yes

Is modifiable

Yes

Is multi-valued

Yes

This property specifies the IP address at which the server listens for
LDAP client requests using the regular LDAP port. You can specify more than
one listen address for the same port number. The default listen address is
0.0.0.0. Changing this property requires that you restart the server.

PROPERTY: look-through-limit

Syntax

INTEGER | unlimited

Default Value

5000

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the maximum number of entries the server examines
when checking candidates to respond to a search request.

PROPERTY: max-psearch-count

Syntax

INTEGER

Default Value

30

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the maximum number of persistent searches allowed.
You can read the number of active persistent searches in the value of currentpsearches on cn=monitor.

PROPERTY: max-thread-count

Syntax

INTEGER

Default Value

30

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the number of threads created at startup to
process operations. When tuning server performance, try setting this to twice
the number of processors or 20 plus the number of simultaneous updates expected.
You can read the number of active threads in the value of threads on cn=monitor.

PROPERTY: max-thread-per-connection-count

Syntax

INTEGER

Default Value

5

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the maximum number of concurrent threads used
to process operations on a single connection.

PROPERTY: pwd-expire-no-warning-enabled

This property specifies whether a password can expire without prior
warning to a client application.

PROPERTY: pwd-expire-warning-delay

Syntax

DURATION | disabled

Default Value

1d

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the duration preceding password expiration during
which the server returns warnings about the password expiring to client applications
binding using the password.

PROPERTY: pwd-failure-count-interval

Syntax

DURATION | disabled

Default Value

10m

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the age beyond which password failures are purged
from the failure count.

PROPERTY: pwd-grace-login-limit

Syntax

INTEGER | disabled

Default Value

disabled

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the number of times an expired password can
be used to authenticate.

PROPERTY: pwd-keep-last-auth-time-enabled

Syntax

on | off

Default Value

off

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies whether to record authentication times in the pwdLastAuthTime operational attribute on user entries.

PROPERTY: pwd-lockout-duration

Syntax

DURATION | disabled

Default Value

1h

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies how long the server waits before unlocking an account
that is locked.

PROPERTY: pwd-lockout-enabled

Syntax

on | off

Default Value

off

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies whether the server locks accounts after a specified
number, pwd-max-failure-count, of consecutive failed attempts
to bind.

PROPERTY: pwd-lockout-repl-priority-enabled

Syntax

on | off

Default Value

off

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies whether password lockout attributes are replicated
with high priority.

PROPERTY: pwd-max-age

Syntax

DURATION | disabled

Default Value

disabled

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the age beyond which a password expires.

PROPERTY: pwd-max-failure-count

Syntax

INTEGER | disabled

Default Value

3

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the number of consecutive failed bind attempts
after which the password may not be used to authenticate to the server.

PROPERTY: pwd-max-history-count

Syntax

INTEGER | disabled

Default Value

disabled

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the number of password values stored in the
password history of the entry. These values cannot be used again until they
are no longer present in the history.

PROPERTY: pwd-min-age

Syntax

DURATION | disabled

Default Value

disabled

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the minimum duration between password modifications.

PROPERTY: pwd-min-length

Syntax

INTEGER | disabled

Default Value

6

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the minimum number of characters allowed in
a password value when quality checking has been enabled.

PROPERTY: pwd-mod-gen-length

Syntax

INTEGER | disabled

Default Value

6

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the length of the password generated by Directory Server
when a password is reset using the LDAP Password Modify Extended Operation
defined in RFC
3062 and no new password value is specified.

Although the syntax for this property is integer, its value must be
between 6 and 512, inclusive.

PROPERTY: pwd-must-change-enabled

Syntax

on | off

Default Value

off

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies whether the password must be changed after the
initial client bind after the password has been set or reset by another user.

PROPERTY: pwd-root-dn-bypass-enabled

Syntax

on | off

Default Value

off

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies whether the directory super user is allowed
to update passwords with values that violate password policy.

PROPERTY: pwd-safe-modify-enabled

Syntax

on | off

Default Value

off

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies whether the current password must be provided
with the request to modify the password.

PROPERTY: pwd-storage-scheme

Syntax

STRING

Default Value

SSHA

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the algorithm used to encode password values.

PROPERTY: pwd-strong-check-dictionary-path

Syntax

PATH | none

Default Value

install-path/ds6/plugins/words-english-big.txt

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the path to the dictionary file used for strong
password checks.

PROPERTY: pwd-strong-check-enabled

Syntax

on | off

Default Value

off

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies whether the server checks new password values
to ensure they match with pwd-strong-check-require-charset settings,
and do not match records in the dictionary file.

PROPERTY: pwd-strong-check-require-charset

Syntax

lower | upper | digit | special | any-two | any-three

Default Value

lower && upper && digit && special

Is readable

Yes

Is modifiable

Yes

Is multi-valued

Yes

This property specifies the sets of characters that must be present
in a password value modification.

lower

The new password must include a lower case character.

upper

The new password must include an upper case character.

digit

The new password must include a digit.

special

The new password must include a special character.

any-two

The new password must include at least one character from
each of at least two of the abovementioned character sets.

any-three

The new password must include at least one character from
each of at least three of the abovementioned character sets.
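A candidate password can be pre-checked against these settings before it is submitted to the server; the following is an added example, not the server's own check. It assumes ASCII character classes, treats any non-alphanumeric character as special, and matches dictionary records as whole values without regard to case; the function names and word list are constructed.

```python
import string

# Character classes named by pwd-strong-check-require-charset.
# Assumption: ASCII classes; "special" is anything that is not an ASCII letter or digit.
CLASS_TESTS = {
    "lower": lambda c: c in string.ascii_lowercase,
    "upper": lambda c: c in string.ascii_uppercase,
    "digit": lambda c: c in string.digits,
    "special": lambda c: c not in string.ascii_letters + string.digits,
}
ANY_N = {"any-two": 2, "any-three": 3}


def classes_present(password):
    """Return the set of character classes that occur in the password."""
    return {name for name, test in CLASS_TESTS.items()
            if any(test(c) for c in password)}


def check_password(password, require_charset, min_length=6, dictionary=()):
    """Return a list of policy violations; an empty list means the value passes.

    require_charset: values of the multi-valued property; every value must hold.
    min_length:      pwd-min-length, or None for "disabled".
    dictionary:      records from the dictionary file.
    """
    violations = []
    present = classes_present(password)
    for value in require_charset:
        if value in CLASS_TESTS:
            if value not in present:
                violations.append(f"missing {value} character")
        elif value in ANY_N:
            if len(present) < ANY_N[value]:
                violations.append(
                    f"{value}: only {len(present)} character set(s) present")
        else:
            raise ValueError(
                f"unknown pwd-strong-check-require-charset value: {value!r}")
    if min_length is not None and len(password) < min_length:
        violations.append(f"shorter than pwd-min-length ({min_length})")
    if password.lower() in {word.lower() for word in dictionary}:
        violations.append("matches a dictionary record")
    return violations


DEFAULT_CHARSET = ["lower", "upper", "digit", "special"]  # documented default
SAMPLE_WORDS = ["password", "welcome", "directory"]       # constructed word list

if __name__ == "__main__":
    for candidate in ["Tr1cky-Value", "directory", "abc123", "Ab1!"]:
        print(candidate, check_password(candidate, DEFAULT_CHARSET, 6, SAMPLE_WORDS))
```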

PROPERTY: read-write-mode

This property specifies whether the suffixes and configuration data
on the server can be modified. Use frozen when quiescing
a server for online file system backup.

PROPERTY: ref-integrity-attr

Syntax

ATTR_NAME | ""

Default Value

""

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies attributes for which referential integrity must
be checked on update.

PROPERTY: ref-integrity-check-delay

Syntax

DURATION | undefined

Default Value

undefined

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the delay between referential integrity checks.
The default is no delay.

PROPERTY: ref-integrity-enabled

Syntax

on | off

Default Value

off

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies whether referential integrity checks are performed
by the server.

PROPERTY: repl-user-schema-enabled

Syntax

on | off

Default Value

off

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies whether only schema elements with X-ORIGIN of user-defined are replicated. This can be
useful when replicating between server versions with schema that are not fully
compatible.

PROPERTY: require-bind-pwd-enabled

Syntax

on | off

Default Value

on

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies whether the server rejects simple authentication
attempts to bind that do not include a password.

PROPERTY: retro-cl-deleted-entry-attr

Syntax

ATTR_NAME | ""

Default Value

""

Is readable

Yes

Is modifiable

Yes

Is multi-valued

Yes

This property specifies the attributes to record in the retro change
log when an entry is deleted.

PROPERTY: retro-cl-enabled

Syntax

on | off

Default Value

off

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies whether the server maintains a retro changelog
of all changes occurring on the server instance.

PROPERTY: retro-cl-ignored-attr

Syntax

ATTR_NAME | ""

Default Value

""

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the list of attributes not to record in the
retro changelog when updates occur.

PROPERTY: retro-cl-max-age

Syntax

DURATION | undefined

Default Value

undefined

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the maximum age of records in the retro changelog.
Older records are purged.

PROPERTY: retro-cl-max-entry-count

Syntax

INTEGER

Default Value

0

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the maximum number of records in the retro changelog.
Older records are purged. The value 0 corresponds to an unlimited number.

PROPERTY: retro-cl-path

Syntax

PATH

Default Value

instance-path/db/changelog

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the file system directory in which the changelog
is created.

PROPERTY: retro-cl-suffix-dn

Syntax

DN | undefined

Default Value

undefined

Is readable

Yes

Is modifiable

Yes

Is multi-valued

Yes

This property specifies the suffixes for which retro changelog records
are maintained.

PROPERTY: root-dn

Syntax

DN

Default Value

cn=Directory Manager

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the Distinguished Name of the Directory Manager
user, a user not subject to access controls.

PROPERTY: root-pwd

Syntax

STRING

Default Value

None

Is readable

Yes

Is modifiable

No

Is multi-valued

No

This property specifies the password for the Directory Manager user.
It is shown hashed according to the password storage scheme used.

PROPERTY: root-pwd-file

Syntax

PATH | ""

Default Value

""

Is readable

No

Is modifiable

Yes

Is multi-valued

No

This property specifies the file containing the password for the Directory
Manager user. The file is read once, and the password is stored for future
use.

PROPERTY: root-pwd-storage-scheme

Syntax

STRING

Default Value

SSHA

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the algorithm used to encrypt the password for
the Directory Manager user. It must be one of the schemes specified by the pwd-supported-storage-scheme property.

PROPERTY: search-size-limit

Syntax

INTEGER | unlimited

Default Value

2000

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the maximum number of entries the server returns
for a search operation.

PROPERTY: search-time-limit

Syntax

INTEGER | unlimited

Default Value

3600

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the maximum number of seconds allocated by the
server to respond to a search request.

PROPERTY: secure-listen-address

Syntax

STRING

Default Value

0.0.0.0

Is readable

Yes

Is modifiable

Yes

Is multi-valued

Yes

This property specifies the IP address at which the server listens for
LDAP client requests using the secure LDAP port. You can specify more than
one secure listen address for the same port number. The default secure listen
address is 0.0.0.0. Changing this property requires that you restart the server.

PROPERTY: ssl-cipher-family

Syntax

STRING | all

Default Value

all

Is readable

Yes

Is modifiable

Yes

Is multi-valued

Yes

This property specifies the SSL ciphers the server can use for SSL communications.
The default value, all, does not mean all the supported
SSL ciphers, as supported ciphers with NULL key length are removed from the
list.

PROPERTY: ssl-client-auth-mode

Syntax

allowed | required | disabled

Default Value

allowed

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies whether the server allows, requires, or does
not allow SSL client authentication, in which the client application authenticates
sending its SSL certificate to the server.

PROPERTY: ssl-enabled

Syntax

on | off

Default Value

off

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies whether the server accepts SSL connections.

PROPERTY: ssl-rsa-cert-name

Syntax

STRING

Default Value

defaultCert

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the name of the SSL certificate for the server.

PROPERTY: ssl-rsa-security-device

Syntax

STRING

Default Value

internal (software)

Is readable

Yes

Is modifiable

Yes

Is multi-valued

No

This property specifies the name of the security device used by the
server.

PROPERTY: ssl-supported-ciphers

Syntax

STRING

Default Value

Depends on underlying SSL library

Is readable

Yes

Is modifiable

No

Is multi-valued

No

This property specifies the full list of SSL ciphers the server can
support.

DURATION

A duration specified in months (M), weeks (w), days (d), hours (h), minutes (m), seconds (s), and milliseconds (ms), or some combination with multiple specifiers. For example, you can specify one week as 1w, 7d, 168h, 10080m, or 604800s. You can also specify one week as 1w0d0h0m0s.

DURATION properties typically do not each support all duration specifiers (Mwdhms). Examine the output of dsconf help-properties for the property to determine which duration specifiers are supported.

EMAIL_ADDRESS

A valid e-mail address.

HOST_NAME

An IP address or host name.

INTEGER

A positive integer value between 0 and the maximum supported integer value in the system address space. On 32-bit systems, 2147483647. On 64-bit systems, 9223372036854775807.

INTERVAL

An interval value of the form hhmm-hhmm0123456, where the first element specifies the starting hour, the next element the finishing hour in 24-hour time format, from 0000-2359, and the second specifies days, starting with Sunday (0) to Saturday (6).

IP_RANGE

An IP address or range of addresses in one of the following formats:

IP address in dotted decimal form.

IP address and bits, in the form of network number/mask bits.

IP address and quad, in the form of a pair of dotted decimal quads.

All address. A catch-all for clients that are not placed into other, higher priority groups.

0.0.0.0. This address is for groups to which initial membership is not considered. For example, for groups that clients switch to after their initial bind.

A three-digit, octal file permissions specifier. The first digit specifies permissions for the server user ID, the second for the server group ID, the last for other users. Each digit consists of a bitmask defining read (4), write (2), execute (1), or no access (0) permissions, thus 640 specifies read-write access for the server user, read-only access for other users of the server group, and no access for other users.

PASSWORD_FILE

The full path to the file from which the bind password should be read.
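The DURATION syntax described above can be parsed as follows and used to review the security-related properties in a saved configuration listing; this is an added example, not product code. The `name : value` line format, the 30-day month, the function names and the review baseline (minimum length 12, minimum lockout 15m) are assumptions, and the sample listing is constructed.

```python
import re

# Milliseconds per DURATION specifier. "M" (months) and "m" (minutes) differ only
# by case, so matching is case-sensitive. Assumption: one month counts as 30 days.
UNIT_MS = {"M": 30 * 86_400_000, "w": 7 * 86_400_000, "d": 86_400_000,
           "h": 3_600_000, "m": 60_000, "s": 1_000, "ms": 1}
# "ms" is tried before "m" and "s" so that 500ms parses as milliseconds
# instead of failing after a partial match on "m".
TOKEN = re.compile(r"([0-9]+)(ms|M|w|d|h|m|s)")


def parse_duration_ms(text):
    """Convert a DURATION such as 1w0d0h0m0s to milliseconds; reject anything else."""
    if not text:
        raise ValueError("empty DURATION")
    pos, total = 0, 0
    while pos < len(text):
        match = TOKEN.match(text, pos)
        if match is None:
            raise ValueError(f"invalid DURATION {text!r} at offset {pos}")
        total += int(match.group(1)) * UNIT_MS[match.group(2)]
        pos = match.end()
    return total


MIN_LENGTH = 12                            # hypothetical baseline value
MIN_LOCKOUT_MS = parse_duration_ms("15m")  # hypothetical baseline value

# Hypothetical review baseline: (property, predicate that is true when the value
# deserves a finding, finding text). Property names and values are the page's.
RULES = [
    ("ssl-enabled", lambda v: v == "off",
     "server does not accept SSL connections"),
    ("require-bind-pwd-enabled", lambda v: v == "off",
     "simple binds without a password are not rejected"),
    ("pwd-lockout-enabled", lambda v: v == "off",
     "accounts are not locked after failed binds"),
    ("pwd-lockout-duration",
     lambda v: v != "disabled" and parse_duration_ms(v) < MIN_LOCKOUT_MS,
     "lockout duration is shorter than the baseline"),
    ("pwd-min-length", lambda v: v == "disabled" or int(v) < MIN_LENGTH,
     "minimum password length is below the baseline"),
    ("pwd-root-dn-bypass-enabled", lambda v: v == "on",
     "directory super user may set passwords that violate password policy"),
    ("pwd-strong-check-enabled", lambda v: v == "off",
     "new passwords are not checked against charset and dictionary settings"),
    ("idle-timeout", lambda v: v == "none",
     "no idle timeout on LDAP client connections"),
]


def parse_props(text):
    """Parse 'name : value' lines (assumed listing format) into a dict."""
    props = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip():
            props[name.strip()] = value.strip()
    return props


def audit(props):
    """Return (property, value, finding) for every rule the configuration trips."""
    return [(name, props[name], finding)
            for name, is_weak, finding in RULES
            if name in props and is_weak(props[name])]


# Constructed sample listing, not output captured from a real server.
SAMPLE_DUMP = """\
ssl-enabled                 :  off
require-bind-pwd-enabled    :  on
pwd-lockout-enabled         :  on
pwd-lockout-duration        :  5m
pwd-min-length              :  6
pwd-root-dn-bypass-enabled  :  off
idle-timeout                :  none
"""

if __name__ == "__main__":
    for name, value, finding in audit(parse_props(SAMPLE_DUMP)):
        print(f"{name}={value}: {finding}")
```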